Upgrade GitHub Actions to latest versions #559

Open

salmanmkc wants to merge 1 commit into uber:master from salmanmkc:upgrade-github-actions-node24-general

@salmanmkc

Summary

Upgrade GitHub Actions to their latest versions for improved features, bug fixes, and security updates.

Changes

| Action | Old Version(s) | New Version | Release | Files |
|---|---|---|---|---|
| aquasecurity/trivy-action | 0.32.0 | 0.33.1 | Release | vulnerability-check.yaml |
| golangci/golangci-lint-action | v8 | v9 | Release | build-and-test.yaml |

Why upgrade?

Keeping GitHub Actions up to date ensures:

  • Security: Latest security patches and fixes
  • Features: Access to new functionality and improvements
  • Compatibility: Better support for current GitHub features
  • Performance: Optimizations and efficiency improvements

Security Note

Actions that were previously pinned to commit SHAs remain pinned to SHAs (updated to the latest release SHA) to maintain the security benefits of immutable references.

Testing

These changes only affect CI/CD workflow configurations and should not impact application functionality. The workflows should be tested by running them on a branch before merging.

Signed-off-by: Salman Muin Kayser Chishti <13schishti@gmail.com>
Copilot AI review requested due to automatic review settings February 7, 2026 23:32
@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Copilot AI left a comment

Pull request overview

Updates CI workflows to use newer versions of third-party GitHub Actions (Trivy scanning and golangci-lint) to keep the pipeline current with upstream improvements and fixes.

Changes:

  • Bump aquasecurity/trivy-action from 0.32.0 to 0.33.1 in the vulnerability scan workflow.
  • Bump golangci/golangci-lint-action from v8 to v9 in the build/test workflow.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

| File | Description |
|---|---|
| .github/workflows/vulnerability-check.yaml | Upgrades Trivy action version used for PR scans and SARIF reporting. |
| .github/workflows/build-and-test.yaml | Upgrades golangci-lint action major version used in the lint job. |

Comment on lines 22 to 24
- name: golangci-lint
uses: golangci/golangci-lint-action@v8
uses: golangci/golangci-lint-action@v9
with:
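
Review bot: The `uses:` line crosses a major version of golangci-lint-action (v8 to v9), and the inputs passed under `with:` are outside the visible lines, so nothing here shows they are still accepted by the new major. Please check each input under `with:` against the v9 release notes and link a passing run of build-and-test.yaml from this branch before merging.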

Copilot AI Feb 7, 2026

PR description references keeping actions pinned to commit SHAs, but this workflow uses the movable major tag @v9 for golangci-lint-action. Consider pinning to a specific commit SHA for stronger supply-chain guarantees, or adjust the PR description so it doesn’t suggest SHA pinning applies to this change.

Comment on lines 21 to 23
- name: Run Trivy to check CRITICAL dependencies
uses: aquasecurity/trivy-action@0.32.0
uses: aquasecurity/trivy-action@0.33.1
with:
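
Review bot: The step "Run Trivy to check CRITICAL dependencies" is the gate this workflow exists for, and moving the scanner action from 0.32.0 to 0.33.1 on its `uses:` line can change what that gate reports, yet no run of it is linked. Please attach a run of vulnerability-check.yaml from this branch and confirm the step still fails on CRITICAL findings and passes otherwise, with the inputs under `with:` unchanged.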

Copilot AI Feb 7, 2026

PR description mentions that actions pinned to commit SHAs remain pinned for supply-chain security, but this workflow still references Trivy via a mutable version tag. Either update the PR description to avoid implying SHA pinning here, or pin this action to a specific commit SHA (and update it as part of the upgrade).
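
The check both review comments point at, as an added example (not part of the pull request, the review, or the project's code): it lists every `uses:` reference in a workflow that is a tag or branch rather than a full 40-character commit SHA. The `example-org/example-action` reference, its SHA and the local action path are constructed placeholders.

```python
import re

# `uses:` value of a step or reusable-workflow call; quotes and a trailing comment are tolerated.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)['"]?\s*(?:#.*)?$""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")  # full-length commit SHA

# Constructed sample: the two references from this PR plus hypothetical pinned and local ones.
SAMPLE = """\
steps:
  - name: golangci-lint
    uses: golangci/golangci-lint-action@v9
  - name: Run Trivy to check CRITICAL dependencies
    uses: aquasecurity/trivy-action@0.33.1
  - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
  - uses: ./.github/actions/local-build
"""


def classify(ref):
    """Classify a uses: value as 'local', 'docker', 'sha', 'mutable' or 'unversioned'."""
    if ref.startswith("./"):
        return "local"        # lives in this repository and is versioned with it
    if ref.startswith("docker://"):
        return "docker"       # container image; pinning is by image digest, not git SHA
    _, sep, version = ref.partition("@")
    if not sep or not version:
        return "unversioned"
    return "sha" if FULL_SHA_RE.match(version) else "mutable"  # tag or branch name


def audit(workflow_text):
    """Return (line_number, reference, classification) for every uses: line."""
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match:
            findings.append((number, match.group(1), classify(match.group(1))))
    return findings


def mutable_refs(workflow_text):
    """References that a tag or branch move could silently change."""
    return [(n, ref) for n, ref, kind in audit(workflow_text) if kind in ("mutable", "unversioned")]


if __name__ == "__main__":
    for number, ref in mutable_refs(SAMPLE):
        print(f"line {number}: {ref} is not pinned to a full commit SHA")
```

Run over the files under `.github/workflows/`, a non-empty result from `mutable_refs` can fail a CI job so that tag-based references are caught at review time.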